Protections against SSRF vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below are not fully honored, allowing a remote, unauthenticated attacker to forge requests to arbitrary URLs.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Prion | Server side request forgery (ssrf) | 29 Dec 2022 20:15 | – | prion |
Prion | Server side request forgery (ssrf) | 29 Dec 2022 20:15 | – | prion |
Prion | Server side request forgery (ssrf) | 29 Dec 2022 20:15 | – | prion |
NVD | CVE-2022-38203 | 29 Dec 2022 20:15 | – | nvd |
NVD | CVE-2022-38212 | 29 Dec 2022 20:15 | – | nvd |
NVD | CVE-2022-38211 | 29 Dec 2022 20:15 | – | nvd |
Cvelist | CVE-2022-38212 Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | 30 Dec 2022 05:13 | – | cvelist |
Cvelist | CVE-2022-38203 The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) | 30 Dec 2022 05:13 | – | cvelist |
Cvelist | CVE-2022-38211 Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) | 30 Dec 2022 05:13 | – | cvelist |
CVE | CVE-2022-38203 | 30 Dec 2022 05:13 | – | cve |
```json
[
  {
    "vendor": "Esri",
    "product": "ArcGIS Enterprise",
    "versions": [
      {
        "version": "Portal for ArcGIS",
        "status": "affected",
        "lessThanOrEqual": "10.9.1",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "x64"
    ]
  }
]
```